{"id":"CVE-2024-32464","summary":"ActionText ContentAttachment can Contain Unsanitized HTML","details":"Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2.","aliases":["BIT-rails-2024-32464","GHSA-prjp-h48f-jgf6"],"modified":"2026-04-10T05:12:13.728825Z","published":"2024-06-04T19:53:59.774Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/32xxx/CVE-2024-32464.json","cwe_ids":["CWE-79","CWE-80"],"cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/32xxx/CVE-2024-32464.json"},{"type":"ADVISORY","url":"https://github.com/rails/rails/security/advisories/GHSA-prjp-h48f-jgf6"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32464"},{"type":"FIX","url":"https://github.com/rails/rails/commit/e215bf3360e6dfe1497c1503a495e384ed6b0995"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rails/rails","events":[{"introduced":"d39db5d1891f7509cde2efc425c9d69bbb77e670"},{"fixed":"19eebf6d33dd15a0172e3ed2481bec57a89a2404"}],"database_specific":{"versions":[{"introduced":"7.1.0"},{"fixed":"7.1.3.4"}]}},{"type":"GIT","repo":"https://github.com/rails/rails","events":[{"introduced":"0"},{"last_affected":"9098f535b2accef27c6c284dede119c936c44595"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"= 7.2.0.beta1"}]}}],"versions":["v0.10.0","v0.10.1","v0.11.0","v0.11.1","v0.12.0","v0.13.0","v0.13.1","v0.14.1","v0.14.3","v0.9.1","v0.9.2","v0.9.3","v0.9.4","v0.9.4.1","v0.9.5","v1.1.0","v1.1.0_RC1","v1.1.1","v2.0.0","v2.0.0_PR","v2.0.0_RC1","v2.0.0_RC2","v2.0.1","v3.0.0.beta.3","v3.0.0.beta3","v3.1.0.beta1","v3.1.0.rc1","v3.2.0.rc1","v4.0.0.beta1","v4.0.0.rc1","v4.2.0.beta1","v5.0.0.beta1","v5.0.0.beta2","v5.0.0.beta4","v5.1.0.beta1","v6.0.0.beta1","v6.0.0.beta2","v6.1.0.rc1","v7.0.0.alpha1","v7.0.0.alpha2","v7.1.0","v7.1.0.beta1","v7.1.1","v7.1.2","v7.1.3","v7.1.3.1","v7.1.3.2","v7.1.3.3","v7.2.0.beta1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32464.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}